• Goa'19
  • Training
  • Practical Side-channel Attacks

Practical Side-channel Attacks

Stjepan Picek

Register Now
stjepan-picek

Trainer Name: Stjepan Picek
Title: Practical Side-channel Attacks
Duration: 2 Days
Dates: 27th - 28th Feb 2019

The course is an intense 2 days program aimed for those interested in side-channel attacks. The course will offer a hands-on in both non-profiled and profiled attacks where a special emphasis will be given on machine learning-based attacks.The program will be led by an assistant professor in security with an extensive experience in both side-channel attacks and machine learning.

During the program, the participants will learn what are side-channel attacks, how to mount them, and how to defend against such attacks.

For the purposes of training, we will provide a number of datasets (both real-world and from simulations) containing measurements for non-profiled and profiled attacks. Such datasets will allow the participants to gain experience and insights into the behavior of various settings with respect to the leakage model, level of noise, countermeasure applied, etc.A special emphasis will be given on machine learning techniques where we will cover various stages of an attack: feature engineering, model selection, hyperparameter tuning, model validation.

During the entire duration of the course, the participants are expected to: 

  • Obtain an understanding of side-channel attacks.
  • Understand non-profiled and profiled attacks.
  • Understand common countermeasures against side-channel attacks.
  • Run a number of side-channel attacks.

Teaching methodology

The course offers a combined theory and hands-on.

Course Outline

Day-1

  • Module 0: Side-channel attacks in general
  • a) What are the side-channel attacks? We discuss what are side-channel attacks and common side-channels. Next, we briefly recall the AES cipher since we use AES measurements during the workshop.
    b) Leakage models. Hamming weight, Hamming distance, intermediate value models.
    c) Distinguishers. The difference of Means, Pearson, MIA.

  • Module 1: Non-profiled side-channel attacks
  • a) Simple Power Analysis
    b) Differential Power Analysis. We implement CPA and run tests with both simulated and data from a device.

  • Module 2: Performance metrics
  • a) Success rate
    b) Guessing entropy

  • Module 3: Points of interest and how to select them. Filter selection methods (Pearson correlation coefficient, SOSD/SOST), Wrapper selection methods, Hybrid selection methods.
  • Module 4: Countermeasures
  • a) Masking countermeasures. Boolean and arithmetic masking.
    b) Hiding countermeasures. Random delay.

Day-2

  • Module 5: Profiled side-channel attacks
  • a) Profiled vs non-profiled, supervised vs semi-supervised vs unsupervised.

  • Module 6: Template attack.
  • a) We implement template attack and run experiments with several datasets.
    b) Pooled template attack and difference from template attack.

  • Module 7: Machine learning-based attacks.
  • a) We use Python to run several machine learning-based attacks (Random Forest, Naive Bayes, Multilayer perceptron, Support Vector Machine).
    b) Deep learning and convolutional neural networks.
    c) We discuss the influence of the level of noise, the number of classes/traces/features, countermeasures to the performance of profiled attacks.

Who should take this course?

Anyone interested in side-channel attacks. This course will cover both beginners and advanced topics so no prior knowledge on side-channel attacks is required. Some basic understanding of machine learning is a plus but not mandatory. To facilitate the course progress, participants are expected to know Python. Knowledge of programming is required (preferably Python).
Participants should bring their own laptops with installed Python, USB, and Internet access.
All participants will get the presentation materials.

About Trainer:

Stjepan Picek is an assistant professor in the Cybersecurity group at TU Delft, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Prior to the assistant professor position, Stjepan was a postdoctoral researcher at ALFA group, MIT, USA. Before that, he was a postdoctoral researcher at KU Leuven, Belgium as a part of the Computer Security and Industrial Cryptography (COSIC) group.Stjepan finished his PhD in 2015 with a topic on cryptology and evolutionary computation techniques. Stjepan also has several years of experience working in industry and government. Up to now, Stjepan gave more than 10 invited talks at conferences and summer schools and published more than 70 refereed papers in both evolutionary computation and cryptography journals and conferences. Stjepan is a member of the organization committee for International Summer School in Cryptography and president of the Croatian IEEE CIS Chapter. He is a general co-chair for Eurocrypt 2020, program committee member and reviewer for a number of conferences and journals, and a member of several professional societies.

Copyright © 2018-19 | Nullcon India | International Security Conference | All Rights Reserved